TE WHARE WĀNANGA O TE ŪPOKO O TE IKA A MĀUI
VICTORIA UNIVERSITY OF WELLINGTON

EXAMINATIONS — 2011
END OF YEAR

NWEN 405 Security Engineering

Time Allowed: 2 Hours

Instructions:
Read each question carefully before attempting it.
This examination will be marked out of 60 marks.
Answer all three questions. You may answer the questions in any order. Make sure you clearly identify the question you are answering.
Only printed foreign/English dictionaries are permitted.

Question   Topic                         Marks
1          Security in the Real World    20 marks
2          Secure Software Engineering   20 marks
3          Secure Networks               20 marks

Question 1. Security in the Real World [20 marks]

(a) [10 marks] During a work meeting at Goliath National Bank, one of your colleagues claims that only stupid people fall for phishing scams. Drawing upon what is known about cognitive and social psychology, write a counter-argument to his claim.

(b) [10 marks] With respect to both physical assets and physical protective measures, what are the arguments for and against the claim that obscurity provides security? Your discussion should draw upon appropriate theories and experimental evidence.

Question 2. Secure Software Engineering [20 marks]

(a) [10 marks] Consider a web application written in C++ that accepts user input via a form and uses it to construct a SQL query. Explain what vulnerabilities should be mitigated in this web application, which general secure design principles are being violated, and outline one or more mitigation strategies.

(b) [10 marks] Consider the relationship between risk modelling (threat modelling in the Microsoft software development lifecycle) and secure software evaluation. In particular, discuss what risk modelling is, what the limitations of functional tests are with respect to security testing, how risk modelling helps in the choice of security-relevant tests, and how risk modelling can be used to determine how you choose mitigation strategies for security bugs found during testing.

Question 3. Secure Networks [20 marks]

(a) [10 marks] Outline four examples of different denial-of-service attacks based upon amplification techniques at the network and application layers. For each example, explain the vulnerability being exploited, the type of amplification that results, and possible mitigations for the attack. Make sure you include at least one example each of impact amplification and traffic amplification.

(b) [10 marks] Consider misuse (also known as signature-detection) and anomaly-detection network intrusion detection systems. In particular, discuss how these compare in terms of false positive rates, what effect the stability of the environment into which they are deployed has upon their accuracy, how they compare in terms of performance as time goes on, and how they compare in terms of allowing the type of attack to be determined.
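Added illustration for Question 2(a); this code is not part of the examination paper. It is a constructed C++ fragment that puts the vulnerable pattern the question describes (user input spliced into the SQL text) beside a hardened version that keeps the query text fixed and carries the value as a bound parameter, with an allow-list check at the trust boundary as defence in depth. The PreparedQuery struct, the function names and the sample inputs are assumptions made for this example; a real application would hand the text and parameters to its database driver's prepared-statement API rather than to a struct.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical model of a prepared statement: fixed SQL text with '?' placeholders
// and the bound values kept separately, so the database never parses user data as SQL.
struct PreparedQuery {
    std::string sql;
    std::vector<std::string> params;
};

// VULNERABLE: the untrusted value becomes part of the SQL grammar (the pattern in the question).
std::string build_query_unsafe(const std::string& username) {
    return "SELECT id, role FROM users WHERE username = '" + username + "'";
}

// HARDENED: the SQL text never changes; the value travels out of band as a parameter.
PreparedQuery build_query_safe(const std::string& username) {
    return PreparedQuery{"SELECT id, role FROM users WHERE username = ?", {username}};
}

// Defence in depth: positive (allow-list) validation at the trust boundary.
// Accepts 1-32 characters drawn from [A-Za-z0-9_.-]; everything else is rejected.
bool is_valid_username(const std::string& s) {
    if (s.empty() || s.size() > 32) return false;
    for (unsigned char c : s) {
        if (!(std::isalnum(c) || c == '_' || c == '.' || c == '-')) return false;
    }
    return true;
}

int main() {
    const std::string benign = "alice";          // constructed sample input
    const std::string hostile = "x' OR '1'='1";  // constructed sample input (textbook tautology)

    std::cout << "unsafe query: " << build_query_unsafe(hostile) << "\n";
    PreparedQuery q = build_query_safe(hostile);
    std::cout << "safe sql:     " << q.sql << "\n"
              << "bound param:  " << q.params[0] << "\n";
    std::cout << "allow-list accepts 'alice'?  " << is_valid_username(benign) << "\n"
              << "allow-list accepts hostile?  " << is_valid_username(hostile) << "\n";
    return 0;
}
```

The contrast is the point of the question: in the unsafe form the quote character in the input closes the literal and the rest is interpreted as SQL (a violation of separating code from data and of validating at the trust boundary); in the safe form the same bytes remain an opaque value, and the allow-list rejects them before they reach the database at all.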
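Added illustration for Question 3(b); this code is not part of the examination paper. It is a constructed C++ sketch of the two detection styles the question compares, run over a handful of constructed log records: a misuse (signature) detector that matches known patterns and therefore names the attack type, and an anomaly detector that learns a baseline request rate and flags deviations without saying what they are. The record format, the signature list, the baseline window and the threshold of mean plus three standard deviations are all assumptions made for this example.

```cpp
#include <cmath>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// One constructed log record: requests seen from a host in one minute plus one sample request line.
struct Record {
    std::string minute;
    int requests;
    std::string sample_request;
};

// Misuse (signature) detection: a hit names the attack type; an unknown pattern is simply missed.
// Returns the signature name, or "" when nothing matched.
std::string signature_detect(const std::string& request) {
    static const std::vector<std::pair<std::string, std::string>> signatures = {
        {"path-traversal", "../"},
        {"sqli-tautology", "' OR '1'='1"},
    };
    for (const auto& sig : signatures) {
        if (request.find(sig.second) != std::string::npos) return sig.first;
    }
    return "";
}

// Anomaly detection: learn the request-rate distribution from a baseline window, then flag any minute
// above mean + k*stddev. It reports "unusual", not which attack (or whether it is an attack at all).
struct Baseline { double mean; double stddev; };

Baseline learn_baseline(const std::vector<int>& rates) {
    if (rates.empty()) return Baseline{0.0, 0.0};
    double sum = 0;
    for (int r : rates) sum += r;
    double mean = sum / rates.size();
    double var = 0;
    for (int r : rates) var += (r - mean) * (r - mean);
    return Baseline{mean, std::sqrt(var / rates.size())};
}

bool anomaly_detect(const Baseline& b, int rate, double k = 3.0) {
    return rate > b.mean + k * b.stddev;
}

struct Verdict { std::string minute; std::string signature; bool anomalous; };

std::vector<Verdict> analyse(const std::vector<Record>& records, const Baseline& b) {
    std::vector<Verdict> out;
    for (const auto& r : records)
        out.push_back(Verdict{r.minute, signature_detect(r.sample_request), anomaly_detect(b, r.requests)});
    return out;
}

// Constructed baseline window (a quiet period: mean 100, stddev ~7.07, so threshold ~121).
const std::vector<int> kBaselineRates = {100, 110, 90, 105, 95};

// Constructed traffic records. Minute 09:01 is a low-volume known attack; 09:02 is a traffic surge
// with benign-looking requests, e.g. a post-deployment health-check storm, i.e. the environment changed.
const std::vector<Record> kRecords = {
    {"09:00", 102, "GET /index.html"},
    {"09:01", 104, "GET /static/../../etc/passwd"},
    {"09:02", 900, "GET /api/status"},
};

int main() {
    Baseline b = learn_baseline(kBaselineRates);
    for (const Verdict& v : analyse(kRecords, b)) {
        std::cout << v.minute << "  signature=" << (v.signature.empty() ? "-" : v.signature)
                  << "  anomalous=" << (v.anomalous ? "yes" : "no") << "\n";
    }
    return 0;
}
```

Reading the three verdicts against the question's four points: the signature detector identifies the 09:01 record by name and stays silent on 09:02, so its false positives are low and the attack type is known, but anything absent from its list is invisible and the list must be maintained as time goes on; the anomaly detector catches nothing at 09:01 (the rate is normal) and fires at 09:02 without classifying it, and if the surge is the new normal the alert is a false positive until the baseline is re-learned, which is exactly how the stability of the deployment environment governs its accuracy.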